Skip to content

feat: Allow specifying vmnet network UUID to disable DHCP (on vmnet.h… #141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
+84 −38
Open

feat: Allow specifying vmnet network UUID to disable DHCP (on vmnet.h… #141

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
88d975d
feat: Allow specifying vmnet network UUID to disable DHCP (on vmnet.h…
pallotron Oct 11, 2025
073e511
clang-format
pallotron Oct 11, 2025
3c61140
feedback from PR 140
pallotron Oct 11, 2025
b5df0fe
fix README.md
pallotron Oct 11, 2025
c305142
fix README.md
pallotron Oct 11, 2025
9750c51
fixed README.md wrong formatting
pallotron Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 34 additions & 21 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,27 +12,29 @@ Unlike `vde_vmnet`, `socket_vmnet` does not depend on VDE.
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

- [Install](#install)
- [From binary](#from-binary)
- [From source](#from-source)
- [From Homebrew](#from-homebrew)
- [From MacPorts](#from-macports)
- [Usage](#usage)
- [QEMU](#qemu)
- [Lima](#lima)
- [Advanced usage](#advanced-usage)
- [Multi VM](#multi-vm)
- [Bridged mode](#bridged-mode)
- [FAQs](#faqs)
- [Why does `socket_vmnet` require root?](#why-does-socket_vmnet-require-root)
- [Is it possible to run `socket_vmnet` with SETUID?](#is-it-possible-to-run-socket_vmnet-with-setuid)
- [How is socket_vmnet related to vde_vmnet?](#how-is-socket_vmnet-related-to-vde_vmnet)
- [How is socket_vmnet related to QEMU-builtin vmnet support?](#how-is-socket_vmnet-related-to-qemu-builtin-vmnet-support)
- [How to use static IP addresses?](#how-to-use-static-ip-addresses)
- [How to reserve DHCP addresses?](#how-to-reserve-dhcp-addresses)
- [IP address is not assigned](#ip-address-is-not-assigned)
- [Links](#links)
- [Troubleshooting](#troubleshooting)
- [socket_vmnet: vmnet.framework support for rootless and VDE-less QEMU](#socket_vmnet-vmnetframework-support-for-rootless-and-vde-less-qemu)
- [Install](#install)
- [From binary](#from-binary)
- [From source](#from-source)
- [From Homebrew](#from-homebrew)
- [From MacPorts](#from-macports)
- [Usage](#usage)
- [QEMU](#qemu)
- [Lima](#lima)
- [Advanced usage](#advanced-usage)
- [Multi VM](#multi-vm)
- [Bridged mode](#bridged-mode)
- [FAQs](#faqs)
- [Why does `socket_vmnet` require root?](#why-does-socket_vmnet-require-root)
- [Is it possible to run `socket_vmnet` with SETUID?](#is-it-possible-to-run-socket_vmnet-with-setuid)
- [How is socket_vmnet related to vde_vmnet?](#how-is-socket_vmnet-related-to-vde_vmnet)
- [How is socket_vmnet related to QEMU-builtin vmnet support?](#how-is-socket_vmnet-related-to-qemu-builtin-vmnet-support)
- [How to use static IP addresses?](#how-to-use-static-ip-addresses)
- [How to reserve DHCP addresses?](#how-to-reserve-dhcp-addresses)
- [IP address is not assigned](#ip-address-is-not-assigned)
- [How to setup a vmnet host network without DHCP?](#how-to-setup-a-vmnet-host-network-without-dhcp)
- [Links](#links)
- [Troubleshooting](#troubleshooting)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new toc looks wrong. This was not part of the top before:

- [socket_vmnet: vmnet.framework support for rootless and VDE-less QEMU](#socket_vmnet-vmnetframework-support-for-rootless-and-vde-less-qemu)

And the rest of the options are over indented now.

You should should be only:

+ - [How to setup a vmnet host network without DHCP?](#how-to-setup-a-vmnet-host-network-without-dhcp)

Maybe the instructions for running doctor are not correct, or you are running a different version?

Lets separate the README.md change to another PR. We ned to find how to update the README.md without adding unwanted changes.

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

Expand Down Expand Up @@ -430,6 +432,17 @@ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
/usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd
```

### How to setup a vmnet host network without DHCP?

You may need to disable the vmnet framework's DHCP to:

- Create a host network where all VMs have static IPs.
- Run a custom DHCP server on one VM to assign IPs to others on the same network.

To disable the macOS DHCP you must use `--vmnet-mode=host` and provide a `--vmnet-network-idenfitier` UUID.
You **_must not_** provide `--vmnet-gateway`. That is the signal to Apple's vmnet.framework to enable MacOS DHCP.
You can use `--vmnet-network-idenfitier=random` to get a random UUID assigned.

## Links

- https://developer.apple.com/documentation/vmnet
Expand Down
44 changes: 31 additions & 13 deletions cli.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@ static void print_usage(const char *argv0) {
"specified\n");
printf("--vmnet-interface-id=UUID vmnet interface ID (default: "
"random)\n");
printf("--vmnet-network-identifier=UUID vmnet network identifier (UUID string, \"random\", "
"or \"\")\n"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the meaning of empty string?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it was suggested in here but I had to abandon that PR because I messed it up :D (I am learning jj to replace git and I messed things up).
I actually do not like it myself. should I remove this option? "random" work ok for my project.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current code has this behavior:

Good:

  • option not used: vment_network_identifier is UUID_NULL since we calloc() the options struct
  • --vment-network-identifier C2A4A7C3-1912-412F-B928-12CA9B1762A0: use the provided uuid
  • --vment-network-identifier invalid-uuid-value: fails with invalid input error

Bad:

  • --vment-network-identifier "": call uuid_clear() which resets value of UUID variable to the NULL value - not needed since the uuid is already the NULL value. Supporting empty value makes the online help more confusing and makes not sense.
  • --vment-network-identifier random: create a random uuid. Not needed since the user can provide this easily with uuidgen or with the programing language uuid facility. Supporting this complicates the the online help for no benefit.

" When vmnet mode is \"host\" and --vmnet-gateway is "
"not set, the internal DHCP will be disabled.\n"
" (default: \"\")\n");

printf("--vmnet-nat66-prefix=PREFIX:: The IPv6 prefix to use with "
"shared mode.\n");
printf(" The prefix must be a ULA i.e. "
Expand All @@ -72,6 +78,7 @@ enum {
CLI_OPT_VMNET_MASK,
CLI_OPT_VMNET_INTERFACE_ID,
CLI_OPT_VMNET_NAT66_PREFIX,
CLI_OPT_VMNET_NETWORK_IDENTIFIER,
};

struct cli_options *cli_options_parse(int argc, char *argv[]) {
Expand All @@ -82,18 +89,19 @@ struct cli_options *cli_options_parse(int argc, char *argv[]) {
}

const struct option longopts[] = {
{"socket-group", required_argument, NULL, CLI_OPT_SOCKET_GROUP },
{"vmnet-mode", required_argument, NULL, CLI_OPT_VMNET_MODE },
{"vmnet-interface", required_argument, NULL, CLI_OPT_VMNET_INTERFACE },
{"vmnet-gateway", required_argument, NULL, CLI_OPT_VMNET_GATEWAY },
{"vmnet-dhcp-end", required_argument, NULL, CLI_OPT_VMNET_DHCP_END },
{"vmnet-mask", required_argument, NULL, CLI_OPT_VMNET_MASK },
{"vmnet-interface-id", required_argument, NULL, CLI_OPT_VMNET_INTERFACE_ID},
{"vmnet-nat66-prefix", required_argument, NULL, CLI_OPT_VMNET_NAT66_PREFIX},
{"pidfile", required_argument, NULL, 'p' },
{"help", no_argument, NULL, 'h' },
{"version", no_argument, NULL, 'v' },
{0, 0, 0, 0 },
{"socket-group", required_argument, NULL, CLI_OPT_SOCKET_GROUP },
{"vmnet-mode", required_argument, NULL, CLI_OPT_VMNET_MODE },
{"vmnet-interface", required_argument, NULL, CLI_OPT_VMNET_INTERFACE },
{"vmnet-gateway", required_argument, NULL, CLI_OPT_VMNET_GATEWAY },
{"vmnet-dhcp-end", required_argument, NULL, CLI_OPT_VMNET_DHCP_END },
{"vmnet-mask", required_argument, NULL, CLI_OPT_VMNET_MASK },
{"vmnet-interface-id", required_argument, NULL, CLI_OPT_VMNET_INTERFACE_ID },
{"vmnet-nat66-prefix", required_argument, NULL, CLI_OPT_VMNET_NAT66_PREFIX },
{"vmnet-network-identifier", required_argument, NULL, CLI_OPT_VMNET_NETWORK_IDENTIFIER},
{"pidfile", required_argument, NULL, 'p' },
{"help", no_argument, NULL, 'h' },
{"version", no_argument, NULL, 'v' },
{0, 0, 0, 0 },
};
int opt = 0;
while ((opt = getopt_long(argc, argv, "hvp:", longopts, NULL)) != -1) {
Expand Down Expand Up @@ -134,6 +142,16 @@ struct cli_options *cli_options_parse(int argc, char *argv[]) {
case CLI_OPT_VMNET_NAT66_PREFIX:
res->vmnet_nat66_prefix = strdup(optarg);
break;
case CLI_OPT_VMNET_NETWORK_IDENTIFIER:
if (strcmp(optarg, "random") == 0) {
uuid_generate_random(res->vmnet_network_identifier);
} else if (strcmp(optarg, "") == 0) {
uuid_clear(res->vmnet_network_identifier);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like invalid value, fail instead of trying to make it work. If this option is set, the user must provide a valid uuid.

} else if (uuid_parse(optarg, res->vmnet_network_identifier) < 0) {
ERRORF("Failed to parse UUID \"%s\"", optarg);
goto error;
}
break;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets replace the section with:

    case CLI_OPT_VMNET_NETWORK_IDENTIFIER:
        if (uuid_parse(optarg, res->vmnet_network_identifier) < 0) {
            ERRORF("Failed to parse UUID \"%s\"", optarg);
            goto error;
        }
        break;

case 'p':
res->pidfile = strdup(optarg);
break;
Expand Down Expand Up @@ -191,7 +209,7 @@ struct cli_options *cli_options_parse(int argc, char *argv[]) {
goto error;
}
if (res->vmnet_gateway == NULL) {
if (res->vmnet_mode != VMNET_BRIDGED_MODE) {
if (res->vmnet_mode != VMNET_BRIDGED_MODE && res->vmnet_mode != VMNET_HOST_MODE) {
WARN("--vmnet-gateway=IP should be explicitly specified to "
"avoid conflicting with other applications");
}
Expand Down
2 changes: 2 additions & 0 deletions cli.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ struct cli_options {
char *vmnet_mask;
// --vmnet-interface-id, corresponds to vmnet_interface_id_key
uuid_t vmnet_interface_id;
// --vmnet-network-identifier, corresponds to vmnet_network_identifier_key
uuid_t vmnet_network_identifier;
// --vmnet-nat66-prefix, corresponds to vmnet_nat66_prefix_key
char *vmnet_nat66_prefix;
// -p, --pidfile; writes pidfile using permissions of socket_vmnet
Expand Down
21 changes: 17 additions & 4 deletions main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,10 +230,23 @@ static interface_ref start(struct state *state, struct cli_options *cliopt) {
INFOF("Using network interface \"%s\"", cliopt->vmnet_interface);
xpc_dictionary_set_string(dict, vmnet_shared_interface_name_key, cliopt->vmnet_interface);
}
if (cliopt->vmnet_gateway != NULL) {
xpc_dictionary_set_string(dict, vmnet_start_address_key, cliopt->vmnet_gateway);
xpc_dictionary_set_string(dict, vmnet_end_address_key, cliopt->vmnet_dhcp_end);
xpc_dictionary_set_string(dict, vmnet_subnet_mask_key, cliopt->vmnet_mask);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will be better to keep the block setting the gateway address as is. vmnet docs do not mention that you must not use gateway address and network identifier together, and the purpose of the new flag is not to disable DHCP, but to expose additional vment option, that can be used to disable DHCP.

// no dhcp
if (cliopt->vmnet_mode == VMNET_HOST_MODE && cliopt->vmnet_gateway == NULL) {
if (!uuid_is_null(cliopt->vmnet_network_identifier)) {
xpc_dictionary_set_uuid(dict, vmnet_network_identifier_key, cliopt->vmnet_network_identifier);
uuid_string_t uuid_str;
uuid_unparse(cliopt->vmnet_network_identifier, uuid_str);
INFOF("Using network identifier \"%s\" and no vmnet gateway -> NO DHCP will be enabled on "
"this vmnet",
uuid_str);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on vmnet.h, vmnet_network_identifier_key can only be used in VMNET_HOST_MODE, but vment_start_address_key, vment_end_addres_key, and vment_subnet_mask are not mentioned.

It makes sense that they should not be used together, since these are all DHCP options, and vmnet_network_identifier_key disables DHCP, but did you try vment_start_address_key together with the DHCP options? What is the outcome? Can this be useful to someone?

If using both options can have some value, we should limit this option only when the DHCP option are not specified.

If using both options is not useful, we should document this here to explain this limit.

The vment.h header also mentions these options:

/*!
 * @constant vmnet_host_ip_address_key
 * The IPv4 address (string) to be set on the host interface.
 *
 * This property is only applicable if vmnet_network_identifier_key
 * is also specified.
 */
extern const char * const
vmnet_host_ip_address_key API_AVAILABLE(macos(11.0)) API_UNAVAILABLE(ios, watchos, tvos);

/*!
 * @constant vmnet_host_subnet_mask_key
 * The IPv4 subnet mask (string) to be set on the host interface.
 *
 * Must be specified with vmnet_host_ip_address_key.
 */
extern const char * const
vmnet_host_subnet_mask_key API_AVAILABLE(macos(11.0)) API_UNAVAILABLE(ios, watchos, tvos);

/*!
 * @constant vmnet_host_ipv6_address_key
 * The IPv6 address (string) to be set on the host interface.
 *
 * This property is only applicable if vmnet_network_identifier_key
 * is also specified.
 */
extern const char * const
vmnet_host_ipv6_address_key API_AVAILABLE(macos(11.0)) API_UNAVAILABLE(ios, watchos, tvos);

All of these can be used only in vmnet_network_identifier_key is specified, so we if we provide this option, we should also provide the additional options.

I know this may not be related to your use case of testing pre server, but socket_vment can be used or other purposes.

} else {
if (cliopt->vmnet_gateway != NULL) {
xpc_dictionary_set_string(dict, vmnet_start_address_key, cliopt->vmnet_gateway);
xpc_dictionary_set_string(dict, vmnet_end_address_key, cliopt->vmnet_dhcp_end);
xpc_dictionary_set_string(dict, vmnet_subnet_mask_key, cliopt->vmnet_mask);
}
}

xpc_dictionary_set_uuid(dict, vmnet_interface_id_key, cliopt->vmnet_interface_id);
Expand Down